Transmitting electronic data between computing devices occurs in nearly every arena of society. In some scenarios, data transmissions between systems on a network may be intercepted by other systems that have access to the network traffic. Although the data being transmitted may be encrypted, there are various ways in which a nefarious observer may fool a transmitter of data and a receiver of data.
In another scenario, a nefarious observer may inject himself between transmitters and receivers of data such that the transmitters and receivers may not be aware that the observer may be recording and reading data being transmitted between them. Certain weaknesses in network security may be exploited to create such tunnels.
In certain scenarios, encrypted data may use certificates, and certificate authorities to validate ownership of encryption keys. The keys may be used to encrypt and decrypt data. An observer of these encrypted transmissions may still decrypt the data and gain access by cracking encryption keys.
Additionally, readily available applications may interrupt such secured transmissions and offer users encryption keys that may appear valid for websites they visit while in fact their information may be intercepted. Such an attack, a “man in the middle” attack is often undetectable to either the client or the server. Public/private keys as well as certificates are often “valid” for a year or more, giving a “man in the middle” ample time to use a cracked key or to crack a key and gain access to what was intended to be private information.